Zimbra Collaboration Suite 7.0

Administrator's Guide

Open Source Edition

zmprov (Provisioning)

The zmprov tool performs all provisioning tasks in Zimbra LDAP, including creating accounts, aliases, domains, COS, distribution lists, and calendar resources. Each operation is invoked through command-line options, each of which has a long name and a short name.

The syntax is zmprov [cmd] [argument].

The syntax for modify can include the prefix “+” or “-” so that you can make changes to the attributes affected and do not need to reenter attributes that are not changing.

Use + to add a new instance of the specified attribute name without changing any existing attributes.

Use - to remove a particular instance of an attribute.

The following example would add the attribute zimbraZimletUserProperties with the value “blue” to user 1 and would not change the value of any other instances of that attribute.

zmprov ma user1 +zimbraZimletUserProperties "com_company_testing:favoriteColor:blue"

The attributes for the tasks zmprov can be used with are listed when you type zmprov -h. The task area divided into the following sections:

Accounts

Calendar

Commands

Config

COS

Domain

Free/busy

Distribution list)

Mailbox

Search

Server

Share

 

 

 

Short Name	Long Name	Syntax, Example, and Notes
-h	--help	display usage
-f	--file	use file as input stream
-s	--server	{host}[:{port}] server hostname and optional port
-l	--ldap	provision via LDAP instead of SOAP
-L	--log property file	log 4j property file, valid only with -l
-a	--account {name}	account name to auth as
-p	--password {pass}	password for account
-P	--passfile {file}	read password from file
-z	--zadmin	use Zimbra admin name/password from localconfig for admin/password
-y	--authtoken (authtoken)	use auth token string (has to be in JSON format) from command line
-Y	--authtoken (authtoken file)	use auth token string (has to be in JSON format) from command line
-v	--verbose	verbose mode (dumps full exception stack trace)
-d/	--debug	debug mode (dumps SOAP messages)
-m	--master	use LDAP master. This only valid with -l

The commands in the following table are divided into the tasks types.

 

Long Name	Short Name	Syntax, Example, and Notes
Account Provisioning Commands
addAccountAlias	aaa	{name@domain|id|adminName} {alias@domain} zmprov aaa joe@domain.com joe.smith@engr.domain.com
checkPasswordStrength	cps	Syntax: {name@doman|id} {password} Note: This command does not check the password age or history. zmprov cps joe@domain.com test123
createAccount	ca	Syntax:{name@domain} {password} [attribute1 value1 etc] Type on one line. zmprov ca joe@domain.com test123 displayName JSmith
createDataSource	cds	{name@domain} {ds-type} {ds-name} [attr1 value1 [attr2 value2...]]
createIdentity	cid	{name@domain} {identity-name} [attr1 value1 [attr2 value2...]]
createSignature	csig	{name@domain} {signature-name} [attr1 value1 [attr2 value2...]]
deleteAccount	da	Syntax:{name@domain|id|adminName} zmprov da joe@domain.com
deleteDataSource	dds	{name@domain|id} {ds-name|ds-id}
deleteIdentity	did	{name@domain|id} {identity-name}
deleteSignature	dsig	{name@domain|id} {signature-name}
getAccount	ga	Syntax:{name@domain|id|adminName} zmprov ga joe@domain.com
getAccountMembership	gam	{name@domain|id}
getAllAccounts	gaa	Syntax: [-v] [{domain}] zmprov -l gaa zmprov gaa -v domain.com
getAllAdminAccounts	gaaa	Syntax: gaaa zmprov gaaa
getDataSources	gds	{name@domain | id} [arg 1 [arg 2...]]
getIdentities	gid	{name@domain | id} [arg 1 [arg 2...]]
getSignatures	gsig	{name@domain | id} [arg 1 [arg 2...]]
modifyAccount	ma	{name@domain|id|adminName} [attribute1 value1 etc] zmprov ma joe@domain.com zimbraAccountStatus maintenance
modifyDataSource	mds	{name@domain | id} {ds-name |ds-id} [attr 1 value 1 [attr2 value 2...]]
modifyIdentity	mid	{name@domain |id} {identity-name} [attr 1 value 1 [attr 2 value 2...]]
modifySignature	msig	{name@domain |id} {signature-name | signature-id} [attr 1 value 1 [attr 2 value 2...]]
removeAccountAlias	raa	{name@domain|id|adminName} {alias@domain} zmprov raa joe@domain.com joe.smith@engr.domain.com
renameAccount	ra	{name@domain|id} {newname@domain} zmprov ra joe@domain.com joe23@domain.com
setAccountCOS	sac	{name@domain|id|adminName} {cos-name|cos-id} zmprov sac joe@domain.com FieldTechnician
setPassword	sp	{name@domain|id|adminName} {password} Note: Passwords cannot included accented characters in the string. Example of accented characters that cannot be used: ã, é, í, ú, ü, ñ. zmprov sp joe@domain.com test321
Calendar Resource Provisioning Commands
createCalendarResource	ccr	{name@domain} [attr1 value1 [attr2 value2...]]
deleteCalendarResource	dcr	{name@domain|id}
getAllCalendarResources	gacr	[-v] [{domain}]
getCalendarResource	gcr	{name@domain|id}
modifyCalendarResource	mcr	{name@domain|id} [attr1 value1 {attr2 value2...]]
renameCalendarResource	rcr	{name@domain|id} {newName@domain}
searchCalendarResources	scr	[-v] domain attr op value {attr op value...]
Free Busy Commands
getAllFbp	gafbp	[-v]
getFreebusyQueueInfo	gfbqi	[{provider-name}]
pushFreebusy	pfb	{domain | account-id} [account-id...]
Domain Provisioning Commands
countAccount	cta	{domain|id} This lists each COS, the COS ID and the number of accounts assigned to each COS
createAliasDomain	cad	{alias-domain-name} {local-domain-name|id} [attr1 value1 [attr2 value2...]]
createDomain	cd	{domain} [attribute1 value1 etc] zmprov cd mktng.domain.com zimbraAuthMech zimbra
deleteDomain	dd	{domain|id} zmprov dd mktng.domain.com
getDomain	gd	{domain|id} zmprov gd mktng.domain.com
getDomainInfo	gdi	name|id|virtualHostname {value} [attr1 [attr2...]]
getAllDomains	gad	[-v]
modifyDomain	md	{domain|id} [attribute1 value1 etc] zmprov md domain.com zimbraGalMaxResults 500 Note: Do not modify zimbraDomainRenameInfo manually. This is automatically updated when a domain is renamed.
renameDomain	rd	{domain|id} {newDomain} Note: renameDomain can only be used with “zmprov -l/--ldap”
COS Provisioning Commands
copyCos	cpc	{src-cos-name|id} {dest-cos-name}
createCos	cc	{name} [attribute1 value1 etc] zmprov cc Executive zimbraAttachmentsBlocked FALSE zimbraAuthTokenLifetime 60m zimbraMailQuota 100M zimbraMailMessageLifetime 0
deleteCos	dc	{name|id} zmprov dc Executive
getCos	gc	{name|id} zmprov gc Executive
getAllCos	gac	[-v] zmprov gac -v
modifyCos	mc	{name|id} [attribute1 value1 etc] zmprov mc Executive zimbraAttachmentsBlocked TRUE
renameCos	rc	{name|id} {newName} zmprov rc Executive Business
Server Provisioning Commands
createServer	cs	{name} [attribute1 value1 etc]
deleteServer	ds	{name|id} zmprov ds domain.com
getServer	gs	{name|id} zmprov gs domain.com
getAllServers	gas	[-v] zmprov gas
getAllReverseProxyBackends	garpb
modifyServer	ms	{name|id} [attribute1 value1 etc] zmprov ms domain.com zimbraVirusDefinitionsUpdateFrequency 2h
getAllReverseProxyURLs	garpu	Used to publish into nginx.conf what servers should be used for reverse proxy lookup.
getAllMtaAuthURLs	gamau	Used to publish into saslauthd.conf what servers should be used for saslauthd.conf MTA auth
getAllMemcachedServers	gamcs	Used to list memcached servers (for nginix use).
Config Provisioning Commands
getAllConfig	gacf	[-v] All LDAP settings are displayed
getConfig	gcf	{name}
modifyConfig	mcf	attr1 value1 Modifies the LDAP settings.
Distribution List Provisioning Commands
createDistributionList	cdl	{list@domain} zmprov cdl needlepoint-list@domain.com
addDistributionListMember	adlm	{list@domain|id} {member@domain} zmprov adlm needlepoint-list@domain.com singer23@mail.free.net
removeDistributionListMember	rdlm	{list@domain|id} zmprov rdlm needlepoint-list@domain.com singer23@mail.free.net
getAlldistributionLists	gadl	[-v]
get DistributionListmembership	gdlm	{name@domain|id}
getDistributionList	gdl	{list@domain|id} zmprov gdl list@domain.com
modifyDistributionList	mdl	{list@domain|id} attr1 value1 {attr2 value2...} zmprov md list@domain.com
deleteDistributionList	ddl	(list@domain|id}
addDistributionListAlias	adla	{list@domain|id} {alias@domain}
removeDistributionListAlias	rdla	{list@domain|id} {alias@domain}
renameDistributionList	rdl	{list@domain|id} {newName@domain}
Mailbox Commands
getMailboxInfo---	gmi	{account}
getQuotaUsage---	gqu	{server}
reIndexMailbox	rim	{name@domain|id} {start|status|cancel} [{reindex-by} {value1} [value2...]]
RecalculateMailboxCounts	rmc	{name@domain|id} When unread message count and quota usage are out of sync with the data in the mailbox, use this command to immediately recalculate the mailbox quota usage and unread messages count. Important: Recalculating mailbox quota usage and message count should be schedule to run in off peak hours and used on one mailbox at a time.
selectMailbox	sm	{account-name} [{zmmailbox commands}]
Logs
addAccount Logger	aal	{name@domain|id} {logging-category} {debug|info|warn|error} Creates custom logging for a single account
getAccountLoggers	gal	[-s/--server hostname] {name@domain|id} {logging-category} {debug|info|warn|error}
getAllAccountLoggers	gaal	[-s/--server hostname] Shows all individual custom logger account
removeAccountLogger	ral	[-s/ --server hostname] {name@domain|id} {logging-category} When name@domain is specified, removes the custom logger created for the account otherwise removes all accounts all account loggers from the system.
See the zmprov Log Categories for a list of logging categories.
Search
searchGAL	sg	{domain} {name} zmprov sg joe
autoCompleteGal	acg	{domain} {name}
searchAccounts	sa	[-v] {ldap-query} [limit] [offset] [sortBy {attribute} [sortAscending 0|1] [domain {domain}]
Share Provisioning Commands
For a GUI view of results, see Distribution List Shares tab on the administration console
getPublishedDistributionListShareInfo	gpdlsi	{dl-name|dl-id} [{owner-name|owner-id}]
getShareInfo	gsi	{owner-name|owner-id}
publishDistribtionListShareInfo	pdlsi	{+|-} {dl-name@domain|id} {owner-name|owner-id} [{folder-path|folder-id}]
Miscellaneous Provisioning Commands
describe	desc	[[-v] [-ni] [{entry-type}]] | [-a {attribute-name}] Prints all attribute names (account, domain, COS, servers, etc.).
generateDomainPreAuthKey	gdpak	{domain|id} Generates a pre-authentication key to enable a trusted third party to authenticate to allow for single-sign on. Used in conjunction with GenerateDomainPreAuth.
generateDomainPreAuth	gdpa	{domain|id} {name} {name|id|foreignPrincipal} {timestamp|0} {expires|0} Generates preAuth values for comparison.
syncGal	syg	{domain} [{token}]
flushCache	fc	[skin|local|account|config|cos|domain|server|zimlet} [name1|id] Flush cached LDAP entries for a type. See Zimbra Directory Service chapter, Flushing LDAP Cache
getAccountLogger	gal	[-s /--server hostname] {name@domain | id}
The following are zmprov commands that are specific to Zimbra IMAP/POP proxy.
--getAllReverseProxyURLs	-garpu	Used to publish into nginx.conf the servers that should be used for reverse proxy lookup.
--getAllReverseProxyBackends	-garpb	Returns the list of servers that have zimbraReverseProxyLookupTarget=TRUE. Basically if a mailbox server is available for lookup requests from the proxy.
--getAllReverseProxyDomains	-garpd	Returns a list of all domains configured with ZimbraSSLCertificate zimbraVirtualHostname and zimbraVirtualIPAddress configured. This allows the proxy to configure a list of domains to serve customized/domain certificates for.

Examples

Create one account with a password that is assigned to the default COS.

zmprov ca name@domain.com password

Create one account with a password that is assigned to a specified COS. You must know the COS ID number. To find a COS ID, type zmprov gc <COSname>.

zmprov ca name@domain.com password zimbraCOS cosIDnumberstring

Create one account when the password is not authenticated internally.

zmprov ca name@domain.com ‘’

The empty single quote is required and indicates that there is no local password.

Using a batch process to create accounts, see Managing the zimbra Collaboration Suite chapter for the procedure.

Add an alias to an account.

zmprov aaa accountname@domain.com aliasname@domain.com

Create distribution list. The ID of the distribution list is returned.

zmprov cdl listname@domain.com

Add a member to a distribution list. Tip: You can add multiple members to a list from the administration console.

zmprov adlm listname@domain.com member@domain.com

Change the administrator’s password. Use this command to change any password. Enter the address of the password to be changed.

zmprov sp admin@domain.com password

Create a domain that authenticates against zimbra OpenLDAP.

zmprov cd marketing.domain.com zimbraAuthMech zimbra

Set the default domain.

zmprov mcf zimbraDefaultDomain domain1.com

To list all COSs and their attribute values.

zmprov gac -v

To list all user accounts in a domain (domain.com)

zmprov gaa domain.com

To list all user accounts and their configurations

zmprov gaa -v domain.com

To enable logger on a single server

zmprov +zimbraServiceEnabled logger

Then type zmloggerctl start, to start the logger.

To modify the purge interval, set zimbraMailPurgeSleepInterval to the duration of time that the server should “sleep” between every two mailboxes. Type:

zmprov ModifyServer <server-name> zimbraMailPurgeSleepInterval <Xm>

X is the duration of time between mailbox purges; m represents minutes. You could also set <xh> for hours.

Modify zimbraNewMailNotification to customize the notification email template. A default email is sent from Postmaster notifying users that they have received mail in another mailbox. To change the template, you modify the receiving mailbox account. The variables are

•	${SENDER_ADDRESS}

•	${RECIPIENT_ADDRESS}

•	${RECIPIENT_DOMAIN}

•	${NOTIFICATION_ADDRESSS}

•	${SUBJECT}

•	${NEWLINE}

You can specify which of the above variables appear in the Subject, From, or Body of the email. The following example is changing the appearance of the message in the body of the notification email that is received at name@domain.com. You can also change the template in a class of service, use zmprov mc. The command is written on one line.

zmprov ma name@domain.com zimbraNewMailNotificationBody ‘Important message from ${SENDER_ADDRESS}.${NEWLINE}Subject:${SUBJECT}’

zmprov Log Categories

 

zimbra.account	Account operations
zimbra.acl	ACL operations
zimbra.backup	Backup and restore
zimbra.cache	Inmemory cache operations
zimbra.calendar	Calendar operations
zimbra.dav	DAV operations
zimbra.dbconn	Database connection tracing
zimbra.extensions	Server extension loading
zimbra.filter	Mail filtering
zimbra.gal	GAL operations
zimbra.imap	IMAP protocol operations
zimbra.index	Index operations
zimbra.io	Filesystem operations
zimbra.ldap	LDAP operations
zimbra.lmtp	LMTP operations (incoming mail)
zimbra.mailbox	General mailbox operations
zimbra.misc	Miscellaneous
zimbra.op	Changes to mailbox state
zimbra.pop	POP protocol operations
zimbra.redolog	Redo log operations
zimbra.security	Security events
zimbra.session	User session tracking
zimbra.smtp	SMTP operations (outgoing mail)
zimbra.soap	SOAP protocol
zimbra.sqltrace	SQL tracing
zimbra.store	Mail store disk operations
zimbra.sync	Sync client operations
zimbra.system	Startup/shutdown and other system messages
zimbra.wiki	Wiki operations
zimbra.zimlet	Zimlet operations